- cross-posted to:
- [email protected]
- [email protected]
- programminghumor
- cross-posted to:
- [email protected]
- [email protected]
- programminghumor
You must log in or register to comment.
I know its supposedly a reference to a meme but I can’t get over the fact the Doge was the oligarchical leader of Venice.
I don’t think “used curl to post content to an open endpoint” counts as hacking tbh
It is by definition hacking.
Stupid doesn’t negate unwanted nor illegal. I may be dumb and leave my door unlocked but you’re still a criminal if you come in without permission and move stuff about.
Nah, hacking legally requires you to gain access to a system that you’re not authorized to touch.
Using a public API endpoint is not hacking.
Hacking is not the name of a charge or a crime. Hacking predates computers. This was clearly a hack. Don’t know what to tell you except go back to your sources.
The crime is “unauthorized access”
In this case, this is not a crime because there is not authentication bypass. Its just accessing a public api
It is unauthorized. An unlocked door isn’t an invitation not is an open website or database, this is clearly delineated in the cfaa which btw makes tampering with any protected device a crime open door or not.
You should really lookup the law before you offer bad advice.
That has nothing to do with my point: “hacking” includes actions which are not illegal, or even malicious.
Sorry, cracking*
If you know it’s not intended to be open then you notify someone it’s white hat hacking.
Iirc they actually modified it which removes any doubt.
Its a public API. This is not hacking any more than me using curl to read your comment without authenticating is hacking.
You can unlawfully use things that are public the fact they admit they know the opening is unintended makes it clearly hacking. Stop trying to undermine an accomplishment simply because you don’t like the connotations you link together in your head.
I’m just explaining how the law works
You’re not though.
Federal law specifically and in multiple prohibits unlicensed/unwanted entry into government devices, you don’t know what you’re talking about you simply feel it shouldn’t be illegal which is a different thing entirely.
The cfaa:
Section 1030 describes a number of offenses that occur when a defendant accesses a protected computer “without authorization.” See 18 U.S.C. §§ 1030(a)(1), (a)(2), (a)(3), (a)(4), and (a)(5)(B)-©. The Department will not charge defendants for accessing “without authorization” under these paragraphs unless when, at the time of the defendant’s conduct, (1) the defendant was not authorized to access the protected computer under any circumstances by any person or entity with the authority to grant such authorization; (2) the defendant knew of the facts that made the defendant’s access without authorization; and (3) prosecution would serve the Department’s goals for CFAA enforcement, as described below in B.3.
https://www.justice.gov/jm/jm-9-48000-computer-fraud
(2) the term “protected computer” means a computer— (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; or © that— (i) is part of a voting system; and (ii) (I) is used for the management, support, or administration of a Federal election; or (II) has moved in or otherwise affects interstate or foreign commerce;
It is by definition hacking, stop being obtuse and moreover stop spreading misinformation.
The CFAA describes “hacking” (not a legal term) as any unauthorized access to a computer system. It literally means that your boss can pretend that you shouldn’t have accessed a file and fire you for it. It means “hacking” is effectively anything. Any incompetence no matter how stupid can result in you being a “hacker” under this law. You looked at a web page that a company claims you shouldn’t have even if they put it on their front page at the root of their domain? Yeah that’s hacking under the CFAA. Sucks to be you, maybe don’t go to wellsfargo.com when they’re doing “scheduled maintenance” you “hacker”. This legislation is trash.
Correct, which is why out isn’t a mandatory charge and has quite a high level of burden to carry.
Lmao yea right
https://en.wikipedia.org/wiki/Aaron_Swartz#United_States_v._Aaron_Swartz_case
It took 40 years and countless trials and affected people for the state to come out and say that CFAA cannot be used against people accessing data that is normally available regardless of intent and purpose.
It’s quite literally a Kafaka-esque law that makes no sense in the modern world because it’s overly broad working, interpretation and previous litigious use.
It’s actually quite simple to get someone under the CFAA, and the burden isn’t high at all. It’s also quite nonsensical
United States vs. Tyler King for example the prosecution and court found no financial motive, no direct involvement and he still got 6.5 years under the conspiracy provisions.
Also some literal exploits are not officially “hacking”. That’s right some actual “hacking” is not hacking by law.
https://en.wikipedia.org/wiki/United_States_v._Kane
United States v Sergey Aleynikov, was literally the US DOJ prosecuting a case of intellectual property fraud on behalf of Goldman Sachs.
CISCO has used the act and DOJ to silence critics and opposition as in United States v. Peter Alfred-Adekeye
In United States v. Nosal & United States v. Lori Drew, the US had tried to get violations of TOS to be seen as a CFAA violation.
CFAA was amended in 2008 to be even more broad than it was written originally.
Looking at the civil cases it’s even more fun:
Craigslist v. 3Taps says that an IP block is legally binding and getting around it is a violation of the CFAA.
Pulte Homes, Inc. v. Laborers’ International Union creates a liability for any letter writing campaign that affects the ability of a company to do business. So if you have a campaign and too many people to complain to a web form such that it causes outages or degredation, it’s a violation and you’re liable.
International Airport Centers, L.L.C. v. Citrin says that it’s a violation to delete files on your work computer, but also LVRC Holdings v. Brekka says using company computers for personal purposes is fine and also Lee v. PMSI, Inc. says violating company policy acceptable use policy is not a violation of the CFAA.
CFAA is a joke anyone defending it has no idea what they’re talking about. There is not a serious technologist who looks at legal issues that consider this a good law. It has a history rife with abuse and corporate malfeasance.
Right off the bat you lost.
Swartz doesn’t have an outcome, he killed himself before that and this wouldn’t be normally accessible anyway. But bey nice ai try bud.
Link#2 also a fail on your part.
The Court held that an individual will “exceed authorized access” under the CFAA when he or she accesses a computer without authorization and obtains information located in particular areas of the computer, such as files or databases, that are off-limits to him. Because Van Buren had access to the license plate information he accessed, the Court reversed the Eleventh Circuit’s opinion. Thus, employers should carefully review employees’ computer access, as access for improper purpose may be permitted under the CFAA.
Link#3
The third is a critique of it’s incredible scope and vagueries of definitions which would again imply I’m correct.
Seriously bud, AI is not your friend, don’t let it out do your schoolwork for you.
It is more like someone immature sitting on the entrance outside the door and doing graffiti on the floor. Surely unwanted and definitely criminal, but inconsequential.
That’s still hacking though boss petty and amusing but still hacking.
It is definitely not hacking as it doesn’t need unauthorized access.
Read the cfaa and try again.
